Understanding the Windows User Profile

What is a User Profile?
A User Profile is the files and directories that contain the user-specific data that define the user’s working environment. This data can include display settings, application settings and network connections.

A user profile consists of:
A registry hive that is essentially a database that stores the user-specific settings. This registry hive is stored in the NTUSER.DAT file.
A set of folders that are stored in a per-user directory. Applications and other operating system components populate this user folder with subfolders and user-specific data, such as start menu items, desktop shortcuts, configuration files, startup applications

What are the different user profile types?
Local User Profiles
Local User Profiles are the default profile type in a Windows environment. The user profile files and folders are stored on the local machine’s hard drive. Since the users’ profiles are stored locally, logon times are generally faster than a roaming profile.

Common issues with local profiles
Unlike a mandatory or roaming profile, each user will have an individual profile on each server or workstation that he or she logs onto.
User-specific settings for an individual user will vary on each server or workstation.
Users are forced to configure user-specific settings (e.g. email account, application settings, desktop settings, etc.) on each machine that they log onto.
Having multiple profiles for a single user will require more storage space.
Users’ files and documents that are stored on one workstation (or server) may not be available on a different workstation.

Roaming User Profiles
Roaming user profiles are stored on a network share location. When the user logs in, the profile is copied from the share location to the machine that the user is logging onto. When the user logs off, the profile is copied back to the network location. Successful deployment of roaming profiles may include high-speed connectivity such as a SAN (System Area Networks) or NAS (Network Area Storage). Clustering may also be used to provide high-availability.

Common issues with roaming profiles
· Slow logon times – Generally caused by user profile bloat. The users’ profiles become large in size and therefore when the profile is transferred from the network share location to the server or desktop that the user is logging into, it takes longer for the profile to load. This issue can also be caused by network latency, or a combination of network latency and profile bloat.
· User profile corruption – This occurs when the Ntuser.dat file (the file that contains the user’s Current User registry hive) contains only part of the profile information. The file becomes inconsistent. This can be caused when a user prematurely turns off the workstation before the profile is fully copied back to the network share location, or the network connection from the file share to the workstation (or server) is severed. Applications constantly write to the registry. Another cause of profile corruption is when an application encounters an error during a write operation causing the write operation not to complete.
· User profile does not completely unload, the session does not completely terminate- Processes and applications maintain connections to registry keys in the users profile after the user logs off, preventing the session from ending.
· Last writer wins- Windows writes a locally cached user profile back to the network file server during the logoff process. File timestamps are compared and only files with the most recent timestamp are overwritten to the network profile. This works well in the file system, however, the user’s registry hive (or ntuser.dat file) is always overwritten due to the fact that the registry is always modified in a session. This presents issues when the user is logged onto multiple sessions. The changes that were made to the registry from one session are saved back to the user’s network profile when the user logs off. These changes are overwritten when the user logs off from the second session.

Mandatory User Profiles
Like a roaming profile, a mandatory profile is also stored in a network location. Unlike a roaming profile, a mandatory profile, by definition is read-only. A user may make changes, but the changes are not saved back to the profile at logoff. The ntuser.man file is never modified; therefore the profile is not likely to become corrupted. Because a mandatory profile is read-only, a single profile can be used for a large group of users. A mandatory profile does not contain user-specific data; therefore the size of the profile is much smaller than a roaming profile, hence logon times are generally much faster.

Common issues with mandatory profiles
Since the user settings are not saved at logoff, the user will need to customize his or her settings again on the next logon.
Mandatory profiles can be difficult to fine-tune.
Cryptographic Keys and Certificates Cannot be used with Mandatory Profiles.

Simplify Profiles and the “Hybrid” User Profile
Simplify Profiles offers a fourth user profile type, commonly referred to as a “Hybrid” profile. It is a hybrid profile in that it uses either a mandatory or local user profile on the back end, but offers the ability to customize and replicate user-specific settings to multiple servers and/or workstations.

This is accomplished by using an agent that stores user-specific settings in an SQL Database. During a user logon, changes that affect the user’s registry hive are saved back to the SQL Database. These registry settings are restored to the user’s profile upon logon, even if the user logs onto a different server or workstation. The administrator has the ability to granularly assign areas of the registry to be saved and then restored when a change is affected. The users’ profile folders can be redirected to a network location, to be accessed on an as-needed basis. Unlike with a roaming profile, the profile folders and files are not transferred to the machine that the user is accessing. They are directly read from and written to the network location. The end result is lightening fast logon times and a profile that is less likely to become corrupt.

For more information about Simplify Profiles click here.